MM Chat Local File Include and Multiple Cross Site Scripting Vulnerabilities

MM Chat Local File Include and Multiple Cross Site Scripting Vulnerabilities

MM Chat is prone to a local file-include and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may exploit the local file-include vulnerability to view files and execute local scripts in the context of the webserver process.

The attacker may also leverage the cross-site scripting issues to execute script code in an unsuspecting user's browser or to steal cookie-based authentication credentials; other attacks are also possible.

These issues affect MM Chat 1.5; other versions may also be vulnerable.